About the AuthorWoody Leonhard

The Microsoft Update Catalog uses insecure HTTP links – not HTTPS links – on the download buttons, so patches you download from the Update Catalog are subject to all of the security problems that dog HTTP links, including man-in-the-middle attacks.S…

The very early reports are in, and it looks like this month’s monstrous panoply of patches isn’t as destructive as last month’s – so far, at least. Aside from a few reported incompatibilities, the big news involves two Outlook security holes that ki…

January 2018 will go down in history as one of the worst patching months in Microsoft’s very checkered history. That isn’t an isolated muck-up. It’s a harbinger. We had a couple of really bad months in 2017 — February and November come immediately t…

Many Surface Pro 4 customers are angry as hell. Not only are their screens getting the shakes; their batteries are dying prematurely and, in some cases, their TypeCovers turn into boat anchors.Surface Pro 4 screen flicker problems persist. Per the F…

January 2018 was a month that will go down in patching infamy. Looking back on my notes, we had patches released, yanked, re-released and/or re-re-released on 15 different days in January. Untold thousands of machines were bricked by Microsoft patch…

Microsoft told us three weeks ago that Win10 Fall Creators Update, version 1709, was ready for enterprise deployment. Since then, we’ve seen the early January patch yanked because it tanked AMD machines. Then, after the first patch was reinstated, w…

Late last year, landave, a self-described “Computer Science student enjoying cryptography, reverse engineering, and other information security topics,” discovered two startling security holes in 7-Zip, a free zip program I’ve recommended for years. …

If you’ve been playing the cat-and-mouse Microsoft patching game for a while, you know that Microsoft changes its Knowledge Base articles from time to time, without warning and at times without documentation. Now there’s a resource for those who nee…

As we crawl deeper down the Meltdown/Spectre bunny hole, Microsoft released on Friday night a weird, download-only patch that disables the “fix” that’s supposed to protect you against one of the Spectre variants. It’s the same patch, that works the …

On the heels of a relatively benevolent December Patch Tuesday, the stream of patches pouring out of Microsoft (and Intel!) in January reached epic proportions. To be fair, it looks as if Microsoft got drawn into releasing its Meltdown/Spectre barra…

With Intel announcing a massive “Oops! Belay that order!” mea culpa earlier this week for its Meltdown/Spectre-related firmware updates, it didn’t take long for hardware manufacturers to announce their own recalls – and set in motion an enormously c…

Time was you could go to Microsoft’s website and get a definitive answer as to when your Surface machine’s support life cycle would end. For reasons unknown, that information isn’t where it used to be. It’s an open question whether Microsoft has uni…

You know how you’re supposed to flash the BIOS or update the UEFI on all of your Intel machines, to guard against Meltdown/Spectre? Well, belay that order, private! Intel just announced that you need to hold off on all of its new patches. No, you ca…

Here’s a quick question. In Windows, if you have a program running when you reboot your machine, does Windows:
Start up clean, regardless of what was running at the time of shutdown?
Boot, then automatically launch all of the previously running prog…

On the heels of the Jan. 17 release of 14 Windows and .NET patches, we now have a huge crop of new patches, revised older patches, warnings about bugs, and a bewildered ecosystem of Microsoft customers who can’t figure out what in the blue blazes is…

Never give a sucker an even break. Yesterday, on a very out-of-band Wednesday, Microsoft released preview patches for Windows 8.1 (but not 7!), Server 2012, and Windows 10 1709 (for bricked AMD machines only), with preview cumulative updates for Win…

If you’re wondering whether your computer is susceptible to the latest bête noir, Meltdown and Spectre, you can take the official Microsoft patch and, after a suitable amount of technical drudgery, come away with a result that doesn’t answer much. O…

I’ve seen a lot of bizarre Microsoft patches-of-patches, but the new patches for AMD processors are in a world of their own. The security-only, manually downloadable patches appear to be Meltdown/Spectre patches for machines that were bricked by oth…

Microsoft’s documentation runs all over the place, but yesterday an announcement from ‘Softie John Cable is widely interpreted as saying that Windows 10 Fall Creators Update, version 1709, is now ready for business use. Gregg Keizer has details. To …

The headlong race to cover the Meltdown/Spectre debacle has claimed another victim. In a surprising move, Intel has raised a red flag about some of its firmware patches. What should you do? Wait.Yesterday, Intel executive VP Navin Shenoy posted on t…

As we rappel down the Patch Tuesday rabbit hole this month, Microsoft just announced that it’s going to start pushing its January Windows security patches onto AMD processors again. But it neglects to mention which ones. Per a late-night change to K…

You may recall that Microsoft disabled automatic Dynamic Data Exchange (DDE) in Word back in December. I wrote about the problem, and its solution, in “Office as a malware delivery platform: DDE, Scriptlets, Macro obfuscation.” Microsoft stopped au…

Welcome to another banner Patch Tuesday. Microsoft yesterday released 56 separately identified security patches for every supported version of Windows, Office, .Net, Internet Explorer and Edge. Out of that monstrous pile, only one patch cures a curr…

The hastily released Jan. 4 Windows Meltdown/Spectre patches left many AMD computer owners in a bind. Complaints started flowing in shortly after the release, with blue screen errors 0x000000C4 and 0x800F0845, and machines that stubbornly refused to…

Last night Microsoft released KB 4056894, the 2018-01 Security Monthly Quality Rollup for Windows 7. Spurred by early disclosure of the Meltdown and Spectre vulnerabilities, Microsoft has done yeoman work getting the software part of the patches pus…

I’m increasingly skeptical of security holes that have their own logos and PR campaigns. Yesterday’s sudden snowballing of disclosures about two groups of vulnerabilities, now known as Meltdown and Spectre, has led to enormous numbers of reports of …

Mark Coppock at Digital Trends has just published the results of a series of tests that he ran on Microsoft’s flagship Surface Book 2. Running Destiny 2 at high resolution/frame rate, or Adobe Premiere Pro CC 2018 video editing app, caused the batte…

December has brought a few surprises in Windows PatchLand, but by and large, the coast is clear. “Clear,” that is, unless you made the mistake of installing the Win10 Fall Creators Update, version 1709 (or got pushed into it), before the nominal fou…

Microsoft has just fessed up to a couple of the known bugs in this month’s Win10 version 1709 cumulative update, KB 4054517 – in particular, the stall at 99% download, and the completely bogus warning that the patch had failed to install with error …